Microsoft SQL servers accessible through the internet have been targeted with brute-force attacks distributing the novel Mimic ransomware variant dubbed "FreeWorld," according to The Record, a news site by cybersecurity firm Recorded Future.
Threat actors are conducting dictionary-based or random password spray attempts to crack the passwords of targeted Microsoft SQL databases, then using SQL to facilitate network mapping, credential exfiltration, and FreeWorld deployment, a report from Securonix revealed.
Further examination of an organization victimized by the operation revealed that while the organization's firewall was able to thwart numerous attacker tools, the organization was eventually infiltrated through the AnyDesk remote access software.
"This is not something we have been seeing often, and what truly sets this attack sequence apart is the extensive tooling and infrastructure used by the threat actors," said Securonix Vice President of Threat Research Oleg Kolesnikov.
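A defender-side check for the login pattern described above, as an added example that is not from Securonix or the original article: it scans SQL Server error-log login lines and flags clients with many failures on one account (dictionary guessing), failures spread across many accounts (password spray), and a successful login that follows a failure burst. The sample lines, thresholds and function names are constructed assumptions, and auditing of both failed and successful logins is assumed to be enabled.

```python
import re
from collections import defaultdict

def _line(sec, result, user, client):
    """Build one constructed line in the SQL Server error-log style."""
    detail = ("Reason: Password did not match that for the login provided."
              if result == "failed"
              else "Connection made using SQL Server authentication.")
    return (f"2023-09-01 02:14:{sec:02d}.10 Logon       Login {result} "
            f"for user '{user}'. {detail} [CLIENT: {client}]")

# Constructed sample input (TEST-NET addresses), not data from the report.
SAMPLE_LOG = "\n".join(
    [_line(i, "failed", "sa", "203.0.113.7") for i in range(6)]
    + [_line(6, "succeeded", "sa", "203.0.113.7")]
    + [_line(10 + i, "failed", u, "198.51.100.9")
       for i, u in enumerate(["admin", "sa", "backup", "test", "sqlsvc"])]
    + [_line(20, "failed", "app", "10.0.0.5"),
       _line(21, "succeeded", "app", "10.0.0.5")])

LOGIN = re.compile(
    r"^(?P<ts>\S+ \S+)\s+Logon\s+Login (?P<result>failed|succeeded) for user "
    r"'(?P<user>[^']*)'.*\[CLIENT: (?P<client>[^\]]+)\]")

def analyze(log_text, min_failures=5, spray_users=4):
    """Return findings as (kind, client, detail) tuples."""
    fails = defaultdict(list)      # client -> usernames of failed attempts
    findings = []
    for line in log_text.splitlines():
        m = LOGIN.match(line)
        if not m:
            continue               # not a login audit line
        client, user = m["client"], m["user"]
        if m["result"] == "failed":
            fails[client].append(user)
        elif len(fails[client]) >= min_failures:
            # A success after a failure burst may mean a guessed password.
            findings.append(("success_after_failures", client, user))
    for client, users in fails.items():
        if len(users) < min_failures:
            continue               # ordinary mistyped password
        kind = "password_spray" if len(set(users)) >= spray_users else "dictionary"
        findings.append((kind, client, len(users)))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```
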
Novel FreeWorld ransomware deployed in attacks against Microsoft SQL servers